30.10.Â Common Address Redundancy Protocol
(CARP)

Contributed by TomRhodes.

Updated by AllanJude.

The Common Address Redundancy Protocol
(CARP) allows multiple hosts to share the
same IP address and Virtual Host ID
(VHID) in order to provide high
availability for one or more services. This means
that one or more hosts can fail, and the other hosts will
transparently take over so that users do not see a service
failure.

In addition to the shared IP address,
each host has its own IP address for
management and configuration. All of the machines that share an
IP address have the same
VHID. The VHID for each
virtual IP address must be unique across the
broadcast domain of the network interface.

High availability using CARP is built
into FreeBSD, though the steps to configure it vary slightly
depending upon the FreeBSD version. This section provides the same
example configuration for versions before and equal to or after
FreeBSDÂ 10.

This example configures failover support with three hosts,
all with unique IP addresses, but providing
the same web content. It has two different masters named
hosta.example.org and
hostb.example.org, with a shared backup
named hostc.example.org.

These machines are load balanced with a Round Robin
DNS configuration. The master and backup
machines are configured identically except for their hostnames
and management IP addresses. These servers
must have the same configuration and run the same services.
When the failover occurs, requests to the service on the shared
IP address can only be answered correctly if
the backup server has access to the same content. The backup
machine has two additional CARP interfaces,
one for each of the master content server's
IP addresses. When a failure occurs, the
backup server will pick up the failed master machine's
IP address.

30.10.1.Â Using CARP on FreeBSDÂ 10 and
Later

Enable boot-time support for CARP by
adding an entry for the carp.ko kernel
module in /boot/loader.conf:

The next set of entries are for
hostb.example.org. Since it
represents a second master, it uses a different shared
IP address and VHID.
However, the passwords specified with pass
must be identical as CARP will only listen
to and accept advertisements from machines with the correct
password.

The third machine,
hostc.example.org, is configured to
handle failover from either master. This machine is
configured with two CARPVHIDs, one to handle the virtual
IP address for each of the master hosts.
The CARP advertising skew,
advskew, is set to ensure that the backup
host advertises later than the master, since
advskew controls the order of precedence when
there are multiple backup servers.

Having two CARPVHIDs configured means that
hostc.example.org will notice if
either of the master servers becomes unavailable. If a master
fails to advertise before the backup server, the backup server
will pick up the shared IP address until
the master becomes available again.

Note:

Preemption is disabled by default. If preemption has
been enabled, hostc.example.org
might not release the virtual IP address
back to the original master server. The administrator
can force the backup server to return the
IP address to the master with the
command:

#ifconfig em0 vhid 1 state backup

Once the configuration is complete, either restart
networking or reboot each system. High availability is now
enabled.

CARP functionality can be controlled
via several sysctl(8) variables documented in the
carp(4) manual pages. Other actions can be triggered
from CARP events by using
devd(8).

30.10.2.Â Using CARP on FreeBSDÂ 9 and
Earlier

The configuration for these versions of FreeBSD is similar to
the one described in the previous section, except that a
CARP device must first be created and
referred to in the configuration.

Enable boot-time support for CARP by
loading the if_carp.ko kernel module in
/boot/loader.conf:

Set the hostname, management IP
address, the shared IP address, and
VHID by adding the required lines to
/etc/rc.conf. Since a virtual
CARP device is used instead of an alias,
the actual subnet mask of /24 is used
instead of /32. Here are the entries for
hosta.example.org:

Note:

Preemption is disabled in the
GENERIC FreeBSD kernel. If
preemption has been enabled with a custom kernel,
hostc.example.org may not release
the IP address back to the original
content server. The administrator can force the backup
server to return the IP address to the
master with the command:

#ifconfig carp0 down && ifconfig carp0 up

This should be done on the carp
interface which corresponds to the correct host.

Once the configuration is complete, either restart
networking or reboot each system. High availability is now
enabled.